CVE-2013-4321

Опубликовано: 20 мая 2014

Источник: nvd

CVSS2: 6.5

EPSS Низкий

Описание

The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.4 allows remote authenticated editors to execute arbitrary PHP code via unspecified characters in the file extension when renaming a file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4250.

Ссылки

https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-003/
Vendor Advisory
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-003/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:typo3:typo3:6.1:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:6.1.1:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:6.1.2:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:6.1.3:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:6.0.3:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:6.0.4:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:6.0.5:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:6.0.6:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:6.0.7:*:*:*:*:*:*:*

EPSS

Процентиль: 65%

0.00485

Низкий

6.5 Medium

CVSS2

Дефекты

CWE-94

Связанные уязвимости

CVE-2013-4321

debian

больше 11 лет назад

The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x ...

GHSA-m76j-69c2-c3m8

github

больше 3 лет назад

TYPO3 vulnerable to remote authenticated arbitrary code execution